Search
Latest topics
Javascript Injection Attacking method
Page 1 of 1
Javascript Injection Attacking method
Interested in javascript injection? Good! It's one of the most fun exploits out there. A couple things you can do with it (depending on how well the admin secured the site) is to set countdowns to 0 (for downloads and stuff), change gender to 'Alien' or whatever you want (on your profile), and other fun stuff.
I'm not going to go in to very much detail with this because last time I did that I accidently deleted my article and I don't feel like doing it all over again. Let's look at a basic input and learn what we can do to change it:
<form name"buy" method="POST" action="">
<input type="hidden" name="item" value="book">
<input type="hidden" name="price" value="20.00">
</form>
<form name="buy" method="POST" action="">
<input type="hidden" name="item" value="laptop">
<input type="hidden" name="price" value="999.99">
</form>
Okay, let's say this is a shopping form. I have actually seen something very similar to this, only you got hosting with it. So, you probably know that computer arrays start at 0. You usually enter javascript injection to the url bar, so let's look at how to set the price of the laptop to $0.00!
javascript:void(document.forms[1].price.value="0.00");
Now, the javascript: part means we are entering javascript (obviously), the void function means we are changing something. We then type document. to say it's on this page, or we are editing something on this page. Then, when we get to the forms
part, we are choosing which form to edit. Since we said forms[1], we are editing the second one. We then select by name which input we want to change and put the name there (we are using price.) then we are going to set the value of it (since that's where the price is). So we say value="0.00" to set it to $0.00.
Isn't that lovely? You can also edit cookies like this:
javascript:void(document
I'm not going to go in to very much detail with this because last time I did that I accidently deleted my article and I don't feel like doing it all over again. Let's look at a basic input and learn what we can do to change it:
<form name"buy" method="POST" action="">
<input type="hidden" name="item" value="book">
<input type="hidden" name="price" value="20.00">
</form>
<form name="buy" method="POST" action="">
<input type="hidden" name="item" value="laptop">
<input type="hidden" name="price" value="999.99">
</form>
Okay, let's say this is a shopping form. I have actually seen something very similar to this, only you got hosting with it. So, you probably know that computer arrays start at 0. You usually enter javascript injection to the url bar, so let's look at how to set the price of the laptop to $0.00!
javascript:void(document.forms[1].price.value="0.00");
Now, the javascript: part means we are entering javascript (obviously), the void function means we are changing something. We then type document. to say it's on this page, or we are editing something on this page. Then, when we get to the forms
part, we are choosing which form to edit. Since we said forms[1], we are editing the second one. We then select by name which input we want to change and put the name there (we are using price.) then we are going to set the value of it (since that's where the price is). So we say value="0.00" to set it to $0.00.
Isn't that lovely? You can also edit cookies like this:
javascript:void(document
Similar topics
» SQL Injection
» JavaScript
» Hàm mã hóa MD5 bằng JavaScript
» Sql Injection Exploit Code
» kiểm tra email bang JavaScript
» JavaScript
» Hàm mã hóa MD5 bằng JavaScript
» Sql Injection Exploit Code
» kiểm tra email bang JavaScript
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum
Thu Aug 23, 2012 5:38 am by Admin
» Tuyệt kỹ cua giai
Thu Aug 23, 2012 5:36 am by Admin
» NETCAT.........
Mon Aug 13, 2012 6:35 am by Admin
» Bảo mật CSDL bằng phương pháp mã hóa.
Tue Apr 17, 2012 10:04 pm by Admin
» Hàm mã hóa MD5 bằng JavaScript
Tue Apr 17, 2012 10:03 pm by Admin
» Giá của món quà
Fri Apr 13, 2012 6:01 am by Admin
» Sẽ chỉ yêu ai?
Fri Apr 13, 2012 6:01 am by Admin
» Cách đọc bảng chữ cái!
Thu Apr 12, 2012 10:37 pm by Admin
» Gắn trojan, keylog, virus vào website, forum
Tue Apr 10, 2012 1:14 am by Admin